CN112784263B - Bit-locked disk handler management system and method - Google Patents
- Publication number
- CN112784263B (application CN201911090111.5A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The invention discloses a bit-locked disk processing program management system and method in which a processing module controls and coordinates system operation. The system comprises: an access right module for setting access rights, which includes a user unit that creates virtual users so that confidential files correspond to different program identification codes (PID); a bit-locked disk protection module, coupled to the access right module, for authenticating the access rights; a bit-locked disk management module for managing the establishment of bit-locked disks; and a bit-locked disk drive module, coupled to the bit-locked disk management module, that drives the bit-locked disk to operate. The bit-locked disk drive module comprises a program identification code unit, which allocates a specific program identification code according to the access rights, and a Hook unit, which intercepts disallowed handlers according to the program identification code and connects allowed handlers to a program interface (API).
Description
Technical Field
The present invention relates to a system and method for managing a disk handler, and more particularly, to a system and method for managing a bit-locked disk handler, which solve the problem of a collision of a program identification code (PID) under an operating system when an application program is executed.
Background
With the development of computer technology, people use computers and various terminals as working tools, for example in enterprises, government units, financial institutions and military units, and generate large numbers of electronic files at any time. In the information age, however, electronic files of business, policy, military or intellectual value may be leaked through careless management inside an organization, or be subject to attack: illegal backup from inside the organization, destruction of the files, physical removal of storage devices containing them, and network attacks or theft from external terminals, all of which damage the interests of the enterprise or organization. In addition, since a modern operating system can accommodate multiple user accounts and network servers are shared, confidential documents of different confidentiality levels must be kept apart when multiple users share a network server at the same time.
To distinguish files in this way, current practice generally assigns access rights to each user according to that user's business role in the organization or enterprise. For example, a specific user may have the right to print, preview, read, copy, execute and edit a specific confidential file, while a user whose business is less closely related may only preview and read it and cannot copy or edit it, so that confidential files in the organization or enterprise can be managed separately. One approach to this is to introduce a sandbox mechanism (SandBox) into the organization's systems, so that the confidential documents, software or settings that can be accessed are limited to the resources provided by the operating system and cannot go beyond them. Users are thereby isolated from one another with different levels of protection between them, which contains attacks by viruses and malware and, more importantly, prevents the organization's confidential documents from leaking from the inside to the outside, for example when a departing employee of a software company takes program code developed there to a competitor, or when someone at a business company takes confidential business files.
Conventionally, when an error occurs in a program, the only remedy is to restart the operating system, and the sandbox mechanism generally uses the program identification code (Process Identifier, PID) of the operating system as the basis for managing access rights to confidential files. The program identifier is a value used by the kernel of most UNIX-like operating systems to identify confidential documents, and it can be passed as a parameter to many function calls to adjust program priorities, delete (kill) programs, or control the access rights of programs.
Despite these advantages, using the program identifier to manage rights to confidential documents runs into difficulty with some specific applications (e.g. Microsoft Excel): when several confidential documents are opened in the same application, the operating system may assign them the single program identifier of that application, so the sandbox mechanism cannot tell which access rights correspond to which confidential document, which may cause errors in the processing program. Fig. 1 shows this error situation for the user 301, the application 303, the program identification code 305, the confidential file 307 and the program interface 309. When the actual user 301A opens the first file 307A and the second file 307C of the confidential files 307 in the application 303 (e.g. Microsoft Excel, as above), both files correspond to the first program identifier 305A, so the sandbox mechanism 111 cannot distinguish the access rights of the actual user 301A to the first file 307A from those to the second file 307C.
Therefore, the prior-art system and method for managing access rights to confidential documents by program identification code in a sandbox mechanism still need improvement, to avoid the drawback that access rights in the sandbox mechanism may be wrong for specific application programs, so that a user's access rights to different confidential documents cannot be enforced effectively and the stability of the operating system may be affected.
Disclosure of Invention
Accordingly, the present invention is directed to a system and method for managing a bit-locked disk handler.
In order to achieve the above purpose, the invention adopts the following technical scheme:
A bit-locked disk handler management system solves the problem that multiple confidential files opened by the same application (e.g., Microsoft Excel, Word, PowerPoint) correspond to the same program identification code (Process Identifier, PID).
The system of the invention allocates the computing resources of the system components and coordinates the processing programs through the processing module. The system architecture comprises: an access right module, which sets the access rights of a bit-locked disk, covering processing programs such as writing, reading, previewing, copying, deleting or printing; a bit-locked disk protection module, coupled to the access right module, which authenticates the user's access rights to the bit-locked disk, where the authentication may be based on bit lock (BitLocker); a bit-locked disk management module, which manages the confidential files stored in the bit-locked disk and the establishment and number of bit-locked disks; and a bit-locked disk driving module, coupled to the bit-locked disk management module, which drives the bit-locked disk to operate. The bit-locked disk driving module further comprises: a program identification code unit, which gives the user, the application program and the confidential file a specific program identification code (PID) according to the access rights set by the access right module; and a pipe blocking unit (Hook), which intercepts processing programs not allowed by the access rights according to the program identification code and connects processing programs allowed by the access rights to a program interface (Application Programming Interface, API).
According to the present invention, different files of the same application program will correspond to different program identification codes (PIDs), i.e., the first program identification code corresponding to the first file is different from the second program identification code corresponding to the second file.
According to the present invention, the system architecture of the access authority module further comprises a user unit for creating a required number of virtual users according to the requirement that a plurality of confidential files are executed under the same application program, so that different confidential files can correspond to different program identification codes.
According to the present invention, the system architecture of the access authority module further comprises a function formula Library unit for recording function formulas of program identification codes of specific users, application programs and confidential files, wherein the function formula format in the function formula Library unit can be a Dynamic-Link Library (DLL).
A bit-locked disk handler management method comprises the following steps: the processing module determines whether the application program has already opened the first file; if not, the program identification code unit establishes a first program identification code corresponding to the first file; if so, the user unit establishes a virtual user in the environment of the actual user according to the application requirement, and, within the same application program environment, the program identification code unit establishes for the virtual user a second program identification code corresponding to the second file. After the second file is closed, the virtual user may optionally be deleted, or kept, after a preset time.
According to the invention, the bit-locked disk processing program management method further comprises: the processing module starts an application program in the environment of an actual user, and a pipe blocking unit (Hook) intercepts all the processes.
According to the present invention, the bit-locked disk handler management method further includes the pipe blocking unit intercepting the disallowed handlers in the first file according to the access right, and linking the allowed handlers to the program interface.
According to the invention, the pipe blocking unit intercepts the processing programs in the second file according to the access right and, after the virtual user is established, links the allowed processing programs to the program interface.
According to the present invention, the bit-locked disk handler management method further includes the processing module executing the first file, as permitted by the access right, in the operating system environment of the actual user.
According to the present invention, the bit-locked disk processing program management method further includes the processing module using the runas program to execute the second file, as permitted by the access right, with the application program in the environment of the virtual user.
According to the present invention, the bit-locked disk processing program management method further comprises setting the access rights of each user with the access right module and storing the access rights in the user unit.
The foregoing is provided to illustrate the objects, technical means and effects that can be achieved by the present invention, and the present invention will be more apparent to those skilled in the art from the following examples of the embodiments and accompanying drawings and claims.
Drawings
The detailed description and examples of the invention as described below are presented in order to provide a more thorough understanding of the invention; however, it should be understood that this is only to be taken as a reference for understanding the application of the invention and not to limit the invention to a specific embodiment.
Fig. 1 illustrates a problem that may be encountered when setting access rights of a user to an application or confidential documents based on a program identification code (PID) under a conventional sandbox mechanism.
FIG. 2 illustrates a system architecture of a bit-locked disk handler management system.
Fig. 3 shows how several confidential documents with different access rights are executed in a processing module in the environment of an actual user in the present invention.
FIG. 4 shows the steps of a bit-locked disk handler management method.
FIG. 5 is a flowchart showing the steps of the bit-locked disk handler management method.
Symbol description
Detailed Description
The following specific examples are given so that those of ordinary skill in the art can readily understand the present disclosure and its principles and advantages. The invention is also capable of other embodiments, and its details may be modified and changed in various respects without departing from the spirit of the present invention.
The present invention provides a system and method for managing a bit-locked disk processing program. They address a problem of the conventional sandbox mechanism when the program identification code (PID) is used to set a user's access rights to an application program or confidential file: some specific application programs merge their processing programs under one and the same program identification code when opening different confidential files, and no modifying parameter can be passed to those applications to separate the program identification codes. For example, when the actual user is Lisa and two confidential documents are opened in Excel, both end up under the same program identification code, such as 2010 (the numbers are only examples), instead of being represented by two program identification codes (such as 1020 and 1030). This may affect the stability of the sandbox mechanism and may leave a vulnerability in the protection of the confidential documents. The solution provided by the invention is to use a program interface to create, in the environment of the actual user, as many virtual users as the number of opened confidential files requires, so that the confidential files can each be executed under a different virtual user by means of the runas program. Because the users differ, the specific application program assigns different program identification codes to the confidential files, so that different confidential files can correspond to different access rights, program errors are avoided, and system stability and ease of operation are improved. The sandbox mechanism of the present invention is bit lock (BitLocker). The technical means for implementing the present invention are described in detail below.
In the present invention, the processing module 201 generally includes a processing chip, memory, temporary memory, a display device, a network communication module, an operating system, application programs and so on, connected in a generally known manner to perform computation, temporary storage, display and data transmission, and to provide the operation and management coordination of the bit-locked disk processing program management system 200; since this architecture is generally known, it is not described in detail here. In addition, the access rights include writing, reading, previewing, copying, deleting or printing, and users 301, applications 303, program identifiers 305 and confidential documents 307 can be created or executed as the application requires, for example the first program identifier 305A, the second program identifier 305C, up to an Nth identifier, or the first document 307A, the second document 307C, up to an Nth document, as those skilled in the art will readily understand after reading this specification.
Referring to fig. 2 and 3, in order to achieve the purpose of the present invention, the present invention provides a bit-locked disk handler management system 200, which is executed by the above-mentioned processing module 201, and the processing module 201 allocates the operation resources of the system components to coordinate with the handler.
In the present invention, the architecture of the bit-locked disk handler management system 200 comprises: the access authority module 209, which sets the access rights of the bit-locked disk, covering processing programs such as writing, reading, previewing, copying, deleting or printing, and which includes a user unit 209A that uses the program interface 309 to create the required number of virtual users when a plurality of confidential files 307 are executed under the same application program 303, so that different confidential files 307 can correspond to different program identification codes 305; the bit-locked disk protection module 207, coupled to the access authority module 209, which authenticates the access rights of the user 301 to the bit-locked disk, where the authentication may be based on bit lock (BitLocker); and the bit-locked disk management module 203, which manages the confidential files 307 stored in the bit-locked disks and the establishment and number of bit-locked disks.
In the present invention, the bit-locked disk handler management system 200 further comprises the bit-locked disk driving module 205, which is coupled to the bit-locked disk management module 203 and drives the bit-locked disk to operate. The bit-locked disk driving module 205 further comprises: a program identification code unit 205A, which gives the user 301, the application 303 and the confidential file 307 a specific program identification code 305 according to the access rights set by the access authority module 209; and a pipe blocking unit 205C, which intercepts processing programs not permitted by the access rights according to the program identification code 305 and connects processing programs permitted by the access rights to the program interface 309.
It should be noted that, because the actual user 301A and the virtual user 301C both correspond to what is in fact the same user 301, they have the same access rights to the application 303. The first file 307A and the second file 307C, however, may carry different access rights because of their different business nature within the organization or enterprise, so the bit-locked disk processing program management system 200 executes the second file 307C under the virtual user 301C in order to give the first file 307A and the second file 307C different program identifiers 305. In the embodiment of the present invention, the first file 307A and the second file 307C may be executed on the same screen or on different screens in the processing module 201.
Referring to FIG. 3, an implementation of the bit-locked disk handler management system 200 in the processing module 201 is shown. In the embodiment of the present invention, when the actual user 301A, for example Lisa, executes the first file 307A with the application 303 in the bit lock execution environment, the program identification code unit 205A assigns the first program identification code 305A to the first file 307A. In one embodiment, the pipe blocking unit 205C uses the first program identification code 305A to determine what the access rights set in the access authority module 209 permit and do not permit the actual user 301A to do, for example whether the content of the first file 307A can be previewed, written, copied, deleted or printed. Once the access rights are confirmed, the pipe blocking unit 205C connects the permitted handlers to the program interface (API) 309 and intercepts the non-permitted handlers.
Continuing from the above, when the actual user 301A, for example Lisa, executes the second file 307C through the same application 303, the system creates a virtual user 301C having the same access rights as the actual user 301A and generates a virtual name for the virtual user 301C from a random number. In the environment of that virtual user, for example Dean, the program identification code unit 205A assigns the second program identification code 305C to the second file 307C so that the second file 307C can be executed. The invention thus generates, for the same user 301, different program identification codes 305 corresponding to the same application 303, one of which is generated for the virtual user 301C. The same user can therefore open different confidential files 307 with the same application 303, one of them under a virtual user, and is given different program identification codes 305, which makes it possible to open different files that belong to the same application 303 yet have different program identification codes 305. For example, the second Excel confidential file 307 is executed under the virtual user 301C, and its program identification code 305 differs from that of the previous Excel confidential file 307. Note that Excel is only an example; depending on how the application 303 actually behaves, the same applies to any application 303, such as Word or PowerPoint, in which two confidential documents 307 are merged under one program identifier 305.
According to an embodiment of the present invention, the system architecture of the access authority module 209 further includes a function formula Library unit 209C for recording the function formulas of the specific user 301, the application 303, and the program identification code 305 of the confidential document 307, wherein the function formula format in the function formula Library unit 209C may be a Dynamic-Link Library (DLL). In accordance with an aspect of the present invention, the program identifier 305 of the confidential document 307 may be set by the access authority module 209 according to the application requirements, or may be assigned by the program identifier unit 205A to adapt to the status of different applications 303, thereby improving the compatibility of the bit-locked disk processing program management system 200.
According to an embodiment of the present invention, the protection key included in the bit-locked disk protection module 207 may correspond to the different access right settings in the access right module 209, and the protection key may be, but is not limited to, a trusted platform module (Trusted Platform Module, TPM), a client identification code (PIN Code), a mobile device key, or a combination thereof. In one aspect of the present invention, the mobile device key may be a key stored on a USB flash drive, so that the access rights may correspond to different forms of key protection according to the business nature of the user 301.
Referring to fig. 4 and 5, the present invention provides a bit-locked disk processing program management method 400 comprising the following steps. In step S2, the processing module 201 starts an application 303 in the environment of a user 301. In step S4, the processing module 201 determines whether the application 303 has previously opened the first file 307A. In step S5, if the determination in step S4 is negative, the program identification code unit 205A establishes a first program identification code 305A corresponding to the first file 307A. In step S8, if the determination in step S4 is affirmative, the system establishes a virtual user 301C in the environment of the user 301 according to the application requirement, using random number generation. In step S10, the program identification code unit 205A establishes a second program identification code 305C corresponding to the second file 307C of the application 303. The first program identification code 305A is different from the second program identification code 305C.
According to the present invention, the bit-locked disk processing program management method 400 further includes step S2, in which the processing module 201 starts the application 303 in the environment of the actual user 301A, and step S3, in which the pipe blocking unit 205C intercepts all the processing programs (processes).
According to the present invention, the bit-locked disk handler management method 400 further includes step S6, in which the pipe blocking unit 205C intercepts the disallowed handlers in the first file 307A according to the access rights and links the allowed handlers to the program interface 309.
According to an embodiment of the present invention, the method further includes step S7, in which the processing module 201 executes the first file 307A, as allowed by the access rights, in the environment of the actual user 301A, the pipe blocking unit 205C having linked the allowed processing programs to the program interface 309 according to the access rights.
According to the present invention, the method further includes step S9, in which the pipe blocking unit 205C intercepts the processing programs in the second file 307C.
According to an embodiment of the present invention, the method further includes step S11, in which the pipe blocking unit 205C links the allowed processing programs to the program interface 309 according to the access rights, and the processing module 201 executes the second file 307C of the application 303 in the environment of the virtual user 301C. In one embodiment of the present invention, after the actual user 301A closes the second file 307C, the user unit 209A may choose to delete, or not delete, the virtual user 301C after a predetermined time. In one aspect of the present invention, the time needed to create the virtual user 301C is taken into account: when the second file 307C is closed, the virtual user 301C may optionally be retained, so that the second file 307C, or other confidential files 307 of the application 303, start faster when opened later.
According to an embodiment of the present invention, the method further includes step S1, in which the access authority module 209 sets the access rights of each user 301 and stores them in the user unit 209A; the file format of the access rights may be an access control matrix (Access Control Matrix).
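The flow of steps S1 to S11 can be followed in a small simulation, added here as an illustration and not code from the patent. It contrasts the PID-only lookup of Fig. 1 with the virtual-user scheme; the class names, the `v-` account prefix, the file names and the rights in `ACL` are all assumptions, and the operating system is simulated, so no real accounts, hooks or runas calls are involved.

```python
import itertools
import secrets

# S1: access control matrix, (real user, file) -> operations. Constructed sample data.
ACL = {
    ("lisa", "budget.xlsx"): {"preview", "read", "write", "copy", "print"},
    ("lisa", "payroll.xlsx"): {"preview", "read"},
}


class AmbiguousPid(Exception):
    """One PID stands for several files whose rights differ."""


class Host:
    """Simulated OS: a single-instance application has one PID per account."""

    def __init__(self):
        self._pids = itertools.count(1020, 10)
        self._procs = {}  # (account, app) -> pid

    def running(self, account, app):
        return (account, app) in self._procs

    def start(self, account, app):
        # A second document opened in a running application reuses its PID.
        key = (account, app)
        if key not in self._procs:
            self._procs[key] = next(self._pids)
        return self._procs[key]

    def stop(self, account, app):
        self._procs.pop((account, app), None)


class PidOnlySandbox:
    """Conventional scheme (Fig. 1): the hook knows only the PID."""

    def __init__(self, host):
        self.host = host
        self.files_by_pid = {}  # pid -> [(user, file), ...]

    def open(self, user, app, path):
        pid = self.host.start(user, app)
        self.files_by_pid.setdefault(pid, []).append((user, path))
        return pid

    def hook(self, pid, operation):
        rights = {frozenset(ACL.get(k, ())) for k in self.files_by_pid.get(pid, [])}
        if len(rights) > 1:
            raise AmbiguousPid(f"PID {pid} maps to {len(rights)} different rights sets")
        return any(operation in r for r in rights)


class VirtualUserSandbox:
    """Scheme of steps S2-S11: one account, hence one PID, per open file."""

    def __init__(self, host):
        self.host = host
        self.binding = {}     # pid -> (account, app, real user, file)
        self.virtual_of = {}  # virtual account -> real user

    def open(self, user, app, path):
        account = user
        if self.host.running(user, app):           # S4: app already has a file open
            account = "v-" + secrets.token_hex(4)  # S8: random virtual name
            self.virtual_of[account] = user
        pid = self.host.start(account, app)        # S5 / S10 (runas in the patent)
        self.binding[pid] = (account, app, user, path)
        return pid

    def hook(self, pid, operation):
        # S6 / S11: unknown PIDs are denied; rights are those of the real user.
        _, _, user, path = self.binding.get(pid, (None, None, None, None))
        return operation in ACL.get((user, path), set())

    def close(self, pid, retain_virtual_user=False):
        account, app, _, _ = self.binding.pop(pid)
        self.host.stop(account, app)
        if not retain_virtual_user:
            self.virtual_of.pop(account, None)


def demo():
    legacy = PidOnlySandbox(Host())
    pids = [legacy.open("lisa", "excel", f) for f in ("budget.xlsx", "payroll.xlsx")]
    try:
        legacy_outcome = legacy.hook(pids[1], "write")
    except AmbiguousPid:
        legacy_outcome = "ambiguous"
    fixed = VirtualUserSandbox(Host())
    p1 = fixed.open("lisa", "excel", "budget.xlsx")
    p2 = fixed.open("lisa", "excel", "payroll.xlsx")
    return pids, legacy_outcome, (p1, p2), fixed.hook(p1, "write"), fixed.hook(p2, "write")


if __name__ == "__main__":
    print(demo())
```

In the simulation the binding for a PID is dropped when its file is closed, so a later lookup on that PID is denied rather than inheriting the old file's rights.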
The invention will be described in terms of preferred embodiments and aspects, which are intended to illustrate the structure of the invention, but not to limit the scope of the invention. Thus, the present invention can be widely practiced in other embodiments besides those described in the specification.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (11)
1. A bit-locked disk handler management system for allocating computing resources through a processing module, comprising:
an access right module for setting an access right, wherein the access right module comprises:
a user unit for creating virtual users with required number and corresponding to different program identification codes PID;
the bit lock disk protection module is coupled with the access right module and used for authenticating the access right of the bit lock disk to the user;
the bit lock disk drive module is coupled with the bit lock disk management module and drives the bit lock disk to operate, wherein the bit lock disk drive module comprises: a program identification code unit, giving the confidential file program identification code according to the access authority, wherein different confidential files correspond to different program identification codes, the virtual user has the same access authority as the actual user, and a random number is adopted to generate a virtual name on the virtual user, at the moment, the program identification code unit gives different program identification codes so as to generate different program identification codes corresponding to the same application program aiming at the same user, and one of the program identification codes is the corresponding program identification code generated for the virtual user;
and a bit lock disk management module for managing the establishment of the bit lock disk.
2. The bit-locked-disk handler management system of claim 1, further comprising a blocking unit for blocking the disallowed handlers and connecting the allowed handlers to the program interface based on the program identification code.
3. The bit-locked disk handler management system of claim 1, further comprising: a client unit; the client unit creates a virtual user through a program interface.
4. The bit-locked disk handler management system of claim 1, further comprising: a user unit; when the confidential document under the virtual user is closed, the user unit selects to delete or not delete the virtual user.
5. The bit-locked disk handler management system of claim 1, further comprising a function formula library unit for recording function formulas of the program identification codes, wherein the function formula format in the function formula library unit is a dynamically linked function formula library.
6. The bit-locked disk handler management system of claim 1, wherein the protection key of the bit-locked disk protection module is in the form of a trusted platform module, a client identification code, a mobile device key, or a combination thereof.
7. A method for managing a bit-locked disk handler, comprising the steps of:
a user starts an application program;
judging whether the first file started by the application program exists or not, and if so, generating a virtual user by a user unit;
a program identification code unit establishes a second program identification code corresponding to a second file of the virtual user, wherein the second program identification code is different from a first program identification code corresponding to the first file, the program identification code unit gives a confidential file program identification code according to access rights, wherein different confidential files correspond to different program identification codes, the virtual user has the same access rights as an actual user, a random number is adopted for generating a virtual name in the virtual user, the program identification code unit gives different program identification codes so as to generate different program identification codes corresponding to the same application program aiming at the same user, and one of the program identification codes is the corresponding program identification code for the virtual user.
8. The bit-locked-disk handler management method of claim 7, further comprising selecting to delete or not delete the virtual user when the second file is closed.
9. The method of claim 7, wherein the first program identifier and the second program identifier correspond to a confidential file format in Excel.
10. The method of claim 7, further comprising the steps of setting access rights of each user by an access rights module and storing contents of the access rights in the user unit.
11. The bit-locked-disk handler management method of claim 7, wherein the user unit establishes the virtual user through a program interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911090111.5A CN112784263B (en) | 2019-11-08 | 2019-11-08 | Bit-locked disk handler management system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112784263A CN112784263A (en) | 2021-05-11 |
CN112784263B true CN112784263B (en) | 2024-03-08 |
Family
ID=75748560
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911090111.5A Active CN112784263B (en) | 2019-11-08 | 2019-11-08 | Bit-locked disk handler management system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112784263B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103563278A (en) * | 2011-05-20 | 2014-02-05 | 西里克斯系统公司 | Securing encrypted virtual hard disks |
CN104199734A (en) * | 2014-09-12 | 2014-12-10 | 上海斐讯数据通信技术有限公司 | Android smart terminal based application multi-run management method and system |
CN105550582A (en) * | 2015-12-11 | 2016-05-04 | 福建联迪商用设备有限公司 | Method and system for accessing to virtual disk |
Also Published As
Publication number | Publication date |
---|---|
CN112784263A (en) | 2021-05-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |